darkcomet | a9f15c18a5767047dbac78e55fbca75ae305ed794da19e8d042fd152736c0cfd | Triage

Sharing

General

Target

a9f15c18a5767047dbac78e55fbca75ae305ed794da19e8d042fd152736c0cfd
Size

838KB
Sample

221123-qpvsjaee58
MD5

5d91eed9eb03df6df240a57e5fded2df
SHA1

f86d9f0018030ae5157a2ff63fd296cf1e17d5e0
SHA256

a9f15c18a5767047dbac78e55fbca75ae305ed794da19e8d042fd152736c0cfd
SHA512

aa708df0419cd36b650ba0d720987b5e02ea86907a1202ba64a8888cb131d74d72723d5e878a2a24b123f2f8b0fe9129be88d4fdcc80477e8882c95293a8ce9a
SSDEEP

24576:Iz6ctR5gNykgh/rmjMrfNYx5M8KCu+y5H8J0ffe4tNO:27D2qu2VYfNwqs

Score

10^/10

darkcomet members persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Members

C2

emkadns.uni.me:2121

Mutex

DCMIN_MUTEX-LBZLRNM

Attributes

gencode
mCrAswFlmnAx
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  a9f15c18a5767047dbac78e55fbca75ae305ed794da19e8d042fd152736c0cfd
- Size
  
  838KB
- MD5
  
  5d91eed9eb03df6df240a57e5fded2df
- SHA1
  
  f86d9f0018030ae5157a2ff63fd296cf1e17d5e0
- SHA256
  
  a9f15c18a5767047dbac78e55fbca75ae305ed794da19e8d042fd152736c0cfd
- SHA512
  
  aa708df0419cd36b650ba0d720987b5e02ea86907a1202ba64a8888cb131d74d72723d5e878a2a24b123f2f8b0fe9129be88d4fdcc80477e8882c95293a8ce9a
- SSDEEP
  
  24576:Iz6ctR5gNykgh/rmjMrfNYx5M8KCu+y5H8J0ffe4tNO:27D2qu2VYfNwqs
Score

10^/10

darkcomet members persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometmemberspersistencerattrojan

behavioral2

darkcometmemberspersistencerattrojan